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- The MAILING DATE of this communication appears on the cover sheet with the correspondence address - 
Period for Reply 



A SHORTENED STATUTORY PERIOD FOR REPLY IS SET TO EXPIRE 3 MONTH(S) FROM 
THE MAILING DATE OF THIS COMMUNICATION. 

- Extensions of time may be available under the provisions of 37 CFR 1 .136(a). In no event, however, may a reply be timely filed 
after SIX (6) MONTHS from the mailing date of this communication. 

- If the period for reply specified above is less than thirty (30) days, a reply within the statutory minimum of thirty (30) days will be considered timely. 

- If NO period for reply is specified above, the maximum statutory period will apply and will expire SIX (6) MONTHS from the mailing date of this communication. 

- Failure to reply within the set or extended period for reply will, by statute, cause the application to become ABANDONED (35 U.S.C. § 133). 
Any reply received by the Office later than three months after the mailing date of this communication, even if timely filed, may reduce any 
earned patent term adjustment. See 37 CFR 1.704(b). 

Status 

1 )S Responsive to communication(s) filed on 20 September 2004 . 
2a)S This action is FINAL. 2b)D This action is non-final. 

3) D Since this application is in condition for allowance except for formal matters, prosecution as to the merits is 

closed in accordance with the practice under Ex parte Quayle, 1935 CD, 1 1 , 453 O.G. 213. 

Disposition of Claims 

4) S Claim(s) 1-61 is/are pending in the application. 

4a) Of the above claim(s) is/are withdrawn from consideration. 

5) D Claim(s) is/are allowed. 

6) I3 Claim(s) 1-6 is/are rejected. 

7) Q Claim(s) is/are objected to. 

8) [3 Claim(s) 7-61 are subject to restriction and/or election requirement. 

Application Papers 

9) D The specification is objected to by the Examiner. 

10)D The drawing(s) filed on is/are: a)D accepted or b)Q objected to by the Examiner. 

Applicant may not request that any objection to the drawing(s) be held in abeyance. See 37 CFR 1 .85(a). 

Replacement drawing sheet(s) including the correction is required if the drawing(s) is objected to. See 37 CFR 1.121(d). 
1 1 )□ The oath or declaration is objected to by the Examiner. Note the attached Office Action or form PTO-1 52. 

Priority under 35 U.S.C. § 119 

12)D Acknowledgment is made of a claim for foreign priority under 35 U.S.C. § 1 19(a)-(d) or (f). 
a)D All b)D Some * c)D None of: 

1 Certified copies of the priority documents have been received. 

2,0 Certified copies of the priority documents have been received in Application No. . 

3.D Copies of the certified copies of the priority documents have been received in this National Stage 
application from the International Bureau (PCT Rule 17.2(a)). 
* See the attached detailed Office action for a list of the certified copies not received. 
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DETAILED ACTION 



1 . Claims 1 - 6 have been presented for examination. Claims 1 and 6 have been 
amended; and new claims 7-61 have been added in an amendment filed 12/14/2004. 

Restriction 

2. Newly amended and submitted claims 7-61 are directed to an invention that is 
independent or distinct from the invention originally claimed for the following reasons: 

Inventions original claims 1 - 6 and newly amended and submitted claims 7-61 
are related as subcombinations disclosed as usable together in a single combination. 
The subcombinations are distinct from each other if they are shown to be separately 
usable. 

In instant case, invention newly submitted claims 7-61 disclose a method of 
deriving the integrity metric by the trusted device that controls the boot process based 
on the calculations and configurations from group of hardware and software 
components including BIOS. ROM, operating system loader and entities and validating 
those authenticated values provided by a trusted 3 rd party using the nonce (i.e. random 
number) and private encryption key, and the claims belong to class 713/161. However, 
the previous claims disclose using the value of the integrity metric of a trusted device to 
assign a trust level to the computer entity, which belongs to class 713/200, which 
relates to computer security. See MPEP § 806.05(d). 
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Since applicant has received an action on the merits for the originally presented 
invention, this invention has been constructively elected by original presentation for 
prosecution on the merits. Accordingly, Newly submitted claims 7-61 are withdrawn 
from consideration as being directed to a non-elected invention. See 37 CFR 1.142(b) 
and MPEP§ 821.03. 



Response to Arguments 

3. Applicant's arguments with respect to the subject matter of the original 
presentation of claims 1 - 6 have been fully considered but are not persuasive. 

As per claim 1, Applicant argues "Saudi discloses none of the secrets as being a 
measurement relating to the integrity of the trusted device of a computing entity to which 
it relates, and therefore none of these secrets are, or are capable of performing the 
functions of, an integrity metric as claimed" (Page 13, 2 nd Paragraph, Line 5 - 8). 

Examiner notes the integrity metric is interpreted as the value that can enforce 
the desired level of protection (i.e. authentications) such as the device unique serial 
number, firmware version number, device private signature key (Saudi: see for 
example, Column 16 Line 45 - Column 17 Line 7 & Figure 24 Element 240); and this 
trust device is associated a computer entity (Saudi: see for example, Column 7 Line 45 
- 47). Although the claims are interpreted in light of the specification, limitations from 
the specification are not read into the claims. See In re Van Geuns, 988 F.2d 1 181 , 26 
USPQ2d 1057 (Fed. Cir. 1993). 
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Applicant further argues "Austel dose not disclose calculating an integrity metric 
and does not teach determining of trust in one computer entity by another computer 
entity" (Page 15 Line 1 and Page 15 Line 14), Examinre notes Applicant's argument 
has no merit since the alleged limitation has not been recited into the claim as to 
calculating an integrity metric. Furthermore, Examiner notes Saudi is relied upon to 
provide the integrity metric and Austel is relied upon assigning integrity access class 
(i.e. trust level) through an independent external evaluation process which is selected 
from the group consisting of Common Criteria EAL levels (Austel: see for example, 
Column 13 Line 33 - 36 & Figure 8). 

Claim Rejections - 35 USC § 103 

The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in 
section 102 of this title, if the differences between the subject matter sought to be patented and the prior art are 
such that the subject matter as a whole would have been obvious at the time the invention was made to a person 
having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived by the 
manner in which the invention was made. 

1 . Claims 1 , 2 and 6 are rejected under 35 U.S.C. 1 03(a) as being unpatentable 
over Sudia (Patent Number: 6009177), hereinafter referred to as Sudia, in view of 
Austel (Patent Number: 6430561), hereinafter referred to as Austel, and evidenced by 
ISO/IEC-15408 ("Common Criteria for Information Technology Security Evaluation", 
August.1999), hereinafter referred to as ISO/IEC-15408. 
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2. As per claims 1 and 6, Sudia teaches computer apparatus comprising a receiver 
for receiving an integrity metric for a computer entity via a trusted device associated 
with the computer entity, the integrity metric having values for a plurality of 
characteristics associated with the computer entity (Sudia: for example, Column 16 Line 
50 - 67 and Column 44 Line 31 - 55 and Figure 24 Elements 240/241/248); 

3. Sudia does not teach a controller for assigning a trust level to the computer entity 
from a plurality of trust levels, wherein the assigned trust level is based upon the value 
of at least one of the characteristics of the received integrity metric. 

4. Austel teaches a controller for assigning a trust level to the computer entity from 
a plurality of trust levels, wherein the assigned trust level is based upon the value of at 
least one of the characteristics of the received integrity metric (Sudia: for example, 
Column 1 3 Line 33 - 36 and Figure 8). 

5. It would have been obvious to a person of ordinary skill in the art at the time the 
invention was made to combine the teaching of Austel within the system of Sudia 
because Austel teaches the prevention of tampering and unauthorized modification to 
files (Austel: see for example, Column 6 Line 39 - 40). 

6. This is also evidenced by ISO/IEC-15408 (ISO/IEC-15408: for example, 
Common Criteria Part I Section 4.1.1 5 th Paragraph). 

7. As per claim 2, Sudia as modified teaches the claimed invention as described 
above (see claim 1 ). Sudia as modified further teaches the trusted device is arranged 
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to acquire an integrity metric of the computer entity (Sudia: for example, Column 16 Line 
50 - 67 and Column 44 Line 31 - 55 and Figure 24 Elements 240/241/248). 

8. Claims 3 - 5 are rejected under 35 U.S.C. 103(a) as being unpatentable over 
Sudia (Patent Number: 6009177), hereinafter referred to as Sudia, in view of Austel 
(Patent Number: 6430561 ), hereinafter referred to as Austel, and in view of Trostle 
(Patent Number: 5919257), hereinafter referred to as Trostle. 

9. As per claim 3, Sudia as modified teaches the claimed invention as described 
above (see claim 1 ). Sudia as modified does not teach the trust level is determined by 
comparing the value of the at least one characteristics with a specified value. 

1 0. Trostle teaches the trust level is determined by comparing the value of the at 
least one characteristics with a specified value (Trostle: for example, Column 2 Line 3 - 
7). 

11. It would have been obvious to a person of ordinary skill in the art at the time the 
invention was made to combine the teaching of Trostle within the system of Sudia 
because Trostle teaches detecting unauthorized changes to files (Trostle: see for 
example, Column 1 Line 13-15). 

12. As per claim 4, Sudia as modified teaches the claimed invention as described 
above (see claim 1 ). Sudia as modified further teaches the plurality of trust levels are 
determined base upon a plurality of specified values associated with a plurality of 
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characteristics of a computer entity (Trostle: see for example, Column 2 Line 3-7, 
Column 5 Line 5-7 and Column 5 Line 12 - 16). 

13. As per claim 5, Sudia as modified teaches the claimed invention as described 
above (see claim 1 ). Sudia as modified further teaches the plurality of trust levels are 
determined based upon a plurality of specified values associated with characteristics for 
a plurality of computer entities (Trostle: see for example, Column 3 Line 10-13, 
Column 3 Line 20 and Figure 1 Element 12). 



Conclusion 

THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time 
policy as set forth in 37 CFR 1 .136(a). 

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within 
TWO MONTHS of the mailing date of this final action and the advisory action is not 
mailed until after the end of the THREE-MONTH shortened statutory period, then the 
shortened statutory period will expire on the date the advisory action is mailed, and any 
extension fee pursuant to 37 CFR 1 .136(a) will be calculated from the mailing date of 
the advisory action. In no event, however, will the statutory period for reply expire later 
than SIX MONTHS from the mailing date of this final action. 
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Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Longbit Chai whose telephone number is 571-272-3788. 
The examiner can normally be reached on Monday-Friday 8:00am-4:00pm. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Ayaz R Sheikh can be reached on 571-272-3795. The fax phone number 
for the organization where this application or proceeding is assigned is 703-872-9306. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). 




Longbit Chai 
Examiner 
Art Unit 2131 
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